#
# allow connections from any host on the Virtual Brewery network
255.255.255.0 172.16.1.0
#
The first entry on each line is the netmask to use for the entry, with
A third option is to use the secure portmapper instead of the
Setting Up an NIS Client with GNU libc
We will now describe and discuss the configuration of an NIS client using the GNU libc library support.
Your first step should be to tell the GNU libc NIS client which server to use for NIS service. We mentioned earlier that the Linux ypbind allows you to configure the NIS server to use. The default behavior is to query the server on the local network. If the host you are configuring is likely to move from one domain to another, such as a laptop, you would leave the
A more secure configuration for most hosts is to set the server name in the
# yp.conf - YP configuration for GNU libc library.
#
ypserver vbardolino
The
In the form shown in the example, the ypserver command tells ypbind to use the named server regardless of what the current NIS domain may be. If, however, you are moving your machine between different NIS domains frequently, you may want to keep information for several domains in the
# yp.conf - YP configuration for GNU libc library.
#
domain winery server vbardolino
domain brewery server vstout
This lets you bring up the laptop in either of the two domains by simply setting the desired NIS domain at boot time using the domainname command. The NIS client then uses whichever server is relevant for the current domain.
There is a third option you may want to use. It covers the case when you don't know the name or IP address of the server to use in a particular domain, but still want the ability use a fixed server on certain domains. Imagine we want to insist on using a specified server while operating within the Winery domain, but want to probe for the server to use while in the Brewery domain. We would modify our
# yp.conf - YP configuration for GNU libc library.
#
domain winery server vbardolino
domain brewery broadcast
The
After creating this basic configuration file and making sure it is world-readable, you should run your first test to connect to your server. Make sure to choose a map your server distributes, like
# ypcat hosts.byname
172.16.2.2 vbeaujolais.vbrew.com vbeaujolais
172.16.2.3 vbardolino.vbrew.com vbardolino
172.16.1.1 vlager.vbrew.com vlager
172.16.2.1 vlager.vbrew.com vlager
172.16.1.2 vstout.vbrew.com vstout
172.16.1.3 vale.vbrew.com vale
172.16.2.4 vchianti.vbrew.com vchianti
The output you get should resemble that just shown. If you get an error message instead that says: Can't bind to server which serves domain, then either the NIS domain name you've set doesn't have a matching server defined in
# rpcinfo -u
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
Choosing the Right Maps
Having made sure you can reach the NIS server, you have to decide which configuration files to replace or augment with NIS maps. Commonly, you will want to use NIS maps for the host and password lookup functions. The former is especially useful if you do not have the BIND name service. The password lookup lets all users log into their accounts from any system in the NIS domain; this usually goes along with sharing a central
Other maps, like
Generally, you want to have some choice of when a lookup function uses the local files, when it queries the NIS server, and when it uses other servers such as DNS. GNU libc allows you to configure the order in which a function accesses these services. This is controlled through the
The right order of services depends on the type of data each service is offering. It is unlikely that the
